PHP and shtool

Some distributions are reported to ship a vulnerable version of shtool with
their PHP development packages. The vulnerability in shtool is caused by a
symbolic-link race condition that may be exploitable by a local attacker to
view the contents of temporary files, or to overwrite arbitrary files with the
permissions of the victim using shtool.

Users should watch their distribution vendors for updated packages and should
consider disabling any versions of shtool that are not known to have been updated.

Adobe Reader

The Adobe Reader is used to view PDF files and is available on Linux, Mac
OS X, and Windows. A buffer overflow in an unspecified "core application
plugin" may be exploitable by a remote attacker who creates a carefully
crafted PDF file that, when viewed by the victim, executes arbitrary code with
the victim's permissions.

All users of Adobe Reader should upgrade as soon as possible to version 7.0.1.1
or newer.

Kismet

Kismet, a wireless sniffer and intrusion detection system, is reported to
be vulnerable to a buffer overflow in code that handles pcap captures and code
in the CDP protocol dissector. This buffer overflow may be exploitable, under
some conditions, by a remote attacker who generates specifically formatted packets.
There also may be other undisclosed problems with Kismet.

It is recommended that Kismet be upgraded to version 2005-08-R1 or newer as
soon as possible. It is also suggested that users watch for additional upgrades
to fix other possible problems because the release notes from version 2005-08-R1
include the following statement: "I still don't have info about the exact
nature of the exploits announced at Defcon, but I can't wait any longer. The
current issues fixed are serious, and may encompass the announced exploits."

LibTIFF

LibTIFF, a programming library for reading and manipulating Tagged Image File
Format (TIFF) images, contains a vulnerability in the code that handles the
YCbCr variable inside of a TIFF image header. This vulnerability also affects
software that has LibTIFF included, such as wxPythonGTK.

Users should watch repaired and updated versions of LibTIFF and wxPythonGTK.

Evolution

Evolution is a Gnome application that provides email, an address book, and
a calendar. Evolution contains vulnerabilities in code dealing with remote
task listing from a remote server, vcards, some information from remote LDAP
servers, and some calendar entries. Successfully exploiting these vulnerabilities
may result in arbitrary code being executed. Versions of Evolution through
version 2.3.6.1 have been reported to be vulnerable.

Affected users should watch their vendors for a repaired version of Evolution.
Mandriva has released a repaired package.

Mutt

Mutt, a small text-based email client, is reported to contain a buffer overflow
that may be exploitable by a remote attacker by creating a carefully crafted
email message that when opened with Mutt may cause arbitrary code to be executed
with the victim's permissions. The report states that there is a bug in the
mutt_decode_xbit() function in the file handler.c.

All users of Mutt should watch for a repaired version.

bluez-utils

bluez-utils is a package of utilities that are part of the BlueZ implementation
of Bluetooth for Linux. An attacker may be able to name a Bluetooth device
with certain escape characters so that when the computer pairs with the device,
arbitrary code executes with root permissions.

It is recommended that all users upgrade to bluez-utils version 2.19 immediately.

Ignite-UX

Ignite-UX is an HP-UX administration toolset that aids in the deployment of
multiple installations of HP-UX across a network. An unspecified security vulnerability
in Ignite-UX that involves file permissions may be exploitable to gain access
to client data on the server running Ignite-UX. In addition, under some conditions
a copy of the system password file may be exposed to unauthorized remote view.

HP recommends that affected users apply the appropriate update to correct
the vulnerability. HP-UX users should contact HP for more information and resolutions.

CPAINT

CPAINT, the Cross-Platform Asynchronous INterface Toolkit, provides AJAX (Asynchronous
JavaScript+XML) and JSRS (JavaScript Remote Scripting) back-end support. Several
bugs and problems have been reported in CPAINT that could result in arbitrary
code being executed.

Users are encourage to upgrade to the latest release of CPAINT.

Awstats

Awstats is a web-based, web server log analyzing tool. Versions of Awstats
earlier than 6.5 are reported to be vulnerable due to a lack of input validation
on the referrer information in the web server log. Successfully exploiting
this vulnerability may allow a remote attacker to execute arbitrary Perl code
with the permissions of the user account analyzing the logs.

All users of Awstats should upgrade to version 6.5 or newer as soon as possible
and should disable all URLPlugins until Awstats has been updated.

Clam AntiVirus

Affected users should upgrade to version 0.86.2 or newer of Clam AntiVirus
as soon as possible.

Gaim

Gaim is a messaging client that supports many different instant messaging
protocols, including those of the AIM and ICQ (Oscar protocol), MSN Messenger, Yahoo, IRC,
Jabber, Gadu-Gadu, SILC, GroupWise Messenger, and Zephyr networks. Several
vulnerabilities have been announced that could result in a denial-of-service
condition, or possibly in arbitrary code being executed as the victim.